Stokey asks:
"I work for a global finance firm, (60000+ employees and presence in 25+ countries) in the Group IT department. Pressure is building from the businesses to cut costs and Open Source software has been pushed onto the discussion table. I am trying to educate IT Directors where I can with correct definitions, breaking down assumptions, and will most likely end up writing the group wide Open Source policy. The challenges are well known: risk, cost, support, licensing, benefits, training, and so forth. I am looking for help in putting together a pack that can be handed to our IT Directors forum which contains a policy, TCO (Total Cost of Ownership) reviews, and risk reviews by companies that have done it. After asking what Gartner has to say, the next question will be 'So who else has done this?'. Can Slashdot assist?" What information do you think should be included to sell Open Source to management at the top-level of any corporation or business?
I'm sure several of you have run into this situation before, so I figure this may be as good of a place as any to suggest what information might be appropriate to place in such a policy, especially for future IT workers who find themselves in this position. If people are serious in getting Open Source further into the enterprise than it has already is, such information will be necessary to convince the powers-that-be on the things that we already know: Open Source can be as good as, or better than, commercial software for business tasks. Things like licensing descriptions, common misconceptions, and what Open Source really is would be an absolute must. What other information do you think would be absolutely necessary to include into such policy?
Slashdot Mirror
I don't know why people think of a product as open source or not when doing deployment. Just think of it as linux or windows or mac or whatever the product is with whatever the feature you need.
How silly would it be to say to any manager, yeah... we're not deploying this because I can see the #includes and functions. That's essentially what people are saying, when they say no to open source.
Your company is very large. You must be using many open source solutions in many ways already. You should start there by identifing what is already being used and how effective they are. Thereby providing your own case studies.
http://Lenny.com
It really depends on how your bosses understand the situation.
If they're more of the PHB kind, go "Linux is Free, we don't have to pay nothing, yadda..."
Now, in the "willing category":
1 - replacing WIndows w/ Linux at workstations may be a good idea. After all, their main use is Word Porcessing and E-Mails...
2 - In the server side, there are good choices too, but then there is support...
how long until
How's that for a start?
-JemYou are fortunate to work in a company that is open to open source. I work for a large software company (10000+ employees in several states), and the official policy is that nobody uses any open source software, because if somebody sues us there isn't a company we can turn around and sue. This is seriously the primary reason - I've had one-on-one discussions with our lawyers on this issue.
Personally, I violate that corporate directive on a daily basis - I run linux, I use mozi^h^h^h^hphoe^h^h^h^hfirebird^h^h^h^hfox, etc. I do have to rdeskop to a windows box for corporate email and to use word+excel, as many people in my same position have to do. But 100% of my development (java) is done on linux.
This post is licensed under the Creative Commons Attribution-Noncommercial-No Derivative Works 3.0 License.
Assuming you're advising management, or perhaps the CXO level, what you want to focus on is cost. Price. TCO.
Executives don't give a flip about "open source," or "contributing to the community," or "furthering the Free Software movement," etc. Executives do care very much about what they're spending on IT.
Consider the cost of 60,000 Windows workstations vs. 60,000 Linux or FreeBSD workstations. Do some calculations based upon the Windows licensing scheme vs. "free." The differences will undoubtedly be astronomical. Don't push the "free" aspect over the top; factor in the legitimate costs of a) switching existing workstations to an open source OS and b) supporting users migrating from Windows to the OS you choose. Any open source OS will still come out way ahead, even with the cost of switching.
Finally, I would advise that you forget what Gartner has to say, unless your superiors are totally sold on Gartner results.
I work for a massive-global corp and getting an OpenSource policy in place would be impossible. My suggestion would be to start with a small group. For example, the group I'm with has been denied licenses for PowerPoint do to cost reasons. The solution was to distribute OO to our team members so that we can create PP compatible presentations for distribution and viewing.
If you were to identify those kinds of groups that have been denied or lack software packages do to cost reasons, then you might be able to make similar in roads.
- Have your policy/standard give prescriptive guidance about when you feel it is - and is not - appropriate to use open source. I'm not saying there are necessarily cases where you may not want to use open source, but there may be. For example, our shop is a big WebSphere user, and for us that was a strategic choice. We have good operational competence at running it too. So, just because some project came along and said "we'd like to use JBoss", that would be a good example of when not to use open source - for us, anyway.
- For cases where you do use open source, make sure that the sponsoring project for some particular open source tool has clearly identified how it will be supported in production. This may be the team itself, it may have chosen to outsource, who cares... But, make sure they do identify a source of support. Otherwise, when stuff breaks a 2AM, the ops folks will just call *everyone* in...
...probably including you.
- Make sure that your General Counsel's Office is thoroughly briefed on the various kinds of open source license agreements, and that they are ok with the license for the particular open source tool when it is "acquired". Some licenses may not be compatible with all commercial usage (LGPL is probably the worst offender from this perspective), and thus careful review is appropriate. In any case, if you don't get your GCO on your side, they'll shoot you down in flames...
- Make sure that your policy/standards differentiate between where it's appropriate to *use* open source, vs. where it's appropriate for you to *contribute* to it. There are at least two reasons for this: a) if no one gives back, the quality of open source software will suffer; and b) there are often cases where it's better to give up both work (as well as "intellectual property") rather than doing something proprietary. For example, three or four years ago my own company had decided that we needed an MVC-based front-servlet design. It proved very handy, and as projects like struts came along, we just dumped some of the core ideas into that project. Over the long-haul it is much better for us to have our needs supported directly by open source products, than it is for us to have to build a bunch of proprietary goo.
- You will likely have another fight on your hands with the aforementioned lawyers on the idea of contributing to open source, but it's worth fighting for. (Our own GCO just didn't get this, and I'm not sure whether they fully do yet. They have a distinct feeling that our IP rights are such that we should own the universe.)
- Expect a fight. There will be a certain number of folks "from the Dark Side" who view open source as a threat to Civilization As We Know It. Take no prisoners with these types...
Good luck!"The time is always now" - Victor
Talk to your peers in other financial companies. I know quite a few use open source. Feel free to send me an email at michael_j_mangino@bankone.com if you want to talk about this in more detail. I can give you some information abotu what other companies are doing.
Mike Mangino
mmangino@acm.org
Or you could start your own Meta Open Source project. Getting the help of the open source community to construct your policy and then donate the result under the Creative Commons. Use a wiki or sourceforge project as your home.
So there you have it: one Linux server that used to run Sendmail, anti-virus, NIS and DNS get's replaced by 1 Exchange server, 2 AD servers, 1 IIS server, 1 anti-virus server. 1 linux box replaced by 6 Windows servers at considerable cost and we lost our ability to chose the right tool for the job for that whole chain.
Agreed - provisionally. You made a good point for the higher TCO of Outlook there though, which should push it to the bottom. Unless, of course, it turns out that your users are actually productive enough with the groupware functionality of Exchange to justify the expense of the additional servers, licenses and maintenance - which could be true or false, depending on your company. Everything is, after all, relative.
You're special forces then? That's great! I just love your olympics!
I am the IT Director at a much smaller (100+ employees), so this advice may not wash in just a vastly different culture. I have found that it is much easier just to do it, and then point to it when it is up and working at a reduced cost. I have found great success in this approach.
"Here are last year's costs...here are this year's costs. Wow, is that a lot less or what?!"
YMMV, of course...
While (as you rightly pointed out) it is quite clear there are advantages for and against individual opensource an proprietry products, there is also an argument to be made for opensource in general.
This is not to say that every open source product has better (or even equivilent in some cases) functionality, but that the very fact that it is open source has benefits. For a large multinational such as the submitter is enquiring for, one of the big wories must be ownership and continuity of support for whatever product / projects they use in their IT infrastructure.
Pick a proprietry product, and a company going bust or mearly becoming uncooperative could result in a large risk to your ability to maintain your internal infrastructure - be it through bug fixes or introducing new features.
By choosing an opensource strategy, it will always be possible to either maintain such systems internally, or shop around for someone appropriately qualified to make the changes you need. Purchase and maintainance TCO are good arguments, but IMHO the biggest factor to large multinationals will be one of reduced risk, and therefore there can be a benefit by choosing a lower featured opensource product over a traditional proprietry one.
Open Source IS what you want to sell. Start with the proprietary licenses, you'll be amazed what you find if you're actually able to read what it is that you've bought (a license). Example: One of the arguments you'll hear against OSS is lack of warranty, yet most proprietary licenses exclude warranty of merchantability.
Include the story of Ernie Ball, a great example of one of the risks of proprietary software.
Get a few copies of Revolution OS to pass around. Those who can't sit still long enough to read may be able to be captivated by TV.
Open protocols are more important than open source. Avoid vendor lock-in. If your information is in a proprietary protocol, who really owns it?
I run a 6000 user network in the healthcare industry. The first thing I had to do here was dispel the stupid myths such as open source software is insecure because so many people can change it. This was difficult because of the power of the Gartner Group and other orgs like them. In fact, the network manager was so Microsoftized, it took going over his head to the CIO in order to get people to start listening. That was quite a risky move but luckily it worked.
The second thing I did was set up parallel apps that mirrored the same thing the company was doing with their closed sourced systems (Windows). This included setting up squirrelmail to connect to the Exchange servers, setting up Linux-based SSH boxes (we had SSL-based FTP) and setting up a Snort box to rival the ISS IDS that was installed. Once they got a taste of how good (and cheap) the software was, management starting coming around. Another thing that helped was the software that I mirrored on Linux boxes were apps that we had been experiencing consistent problems on. The Outlook Web Access and the IDS servers kept crashing so that was easy. The more challenging one was the SSL-based Windows FTP server. I prevailed when I got our customers to start requesting SSH client access (a little comment every now and then doesn't hurt). Most of our customers were running a UNIX-based system so once they found out that we could possibly start using something native to their systems, they started requesting it through our sales reps.
It also helps to get in good with your business partners' IS department.
This letter and the examples following below convince me that the push to convert to Linux-Open Source will not come from the developed world's corporate environment, but, rather, from the undeveloped world.
Linux-Open Source will be adopted there first because there won't be the money available to buy Microsoft or other large private closed software solutions. As the developing world's entities grow larger and richer over the years, they will become the force that will be most successful at convincing wealthy corporations to develop parallel open-source software stuctures to Microsoft-SAF-Oracle, ect...
In this light, it is to Microsoft's advantage that the entities with limited resources for software in the developing world continue to use easily pirated software. People will use pirated Windows when they are poor and as they get more resources they will buy licenced versions of the same software in order to reduce linkage costs with global institutions that have used proprietary software since day one.
It would be in the interests of the open-source community to demand software companies put as much copy protection and install encryption techniques as possible on their products!
The poster of this 'Ask Slashdot' probably makes 2-3 times what I make (if not 10x-20x in stock options alone) and yet he's willing to listen to my poorly informed ideas on such an important matter?! Truly hilarious!
Sometimes folks get promoted into positions of power and influence because they realize that the best answers aren't necessarily the ones you pay the most for. Indeed, isn't that one of the major selling points of OSS--that paying more does *not* always get you more?
A request for opinions is exactly that. You didn't really think he was going to use your opinion to supplant his own, did you?
Dan
Between the FUD that Microsoft and SCO have been throwing about, most non-technical people will have a very confused view about things like the GPL and open source IP issues. You have to be prepared to address these in simple, easy to understand terms and examples.
For instance, a lot of people get scared by the 'viral' GPL FUD, and think using open source products means they have to release all their own IP crown jewels to the public. You might counter this by pointing out that you can write closed source software with open source tools all you want, and only run into trouble if you actually incorporate their code into your product. Because this is something you couldn't do with non-open source software anyway, as you never see the code, the percieved risk isn't a factor for doing things the way you're used to.
Anti-open-source people have been throwing a lot of FUD around lately. The people you are trying to pitch this policy have heard some of it, and probably don't spend lots of time on Slashdot or Groklaw finding out the whole story. Part of your role is going to be to dispel all this FUD about the GPL, IP issues, and such.
This is a great time to be involved in open source.
Congrats for drawing such a difficult but worthy and rewarding assignment. I have a couple thought s for the policy.
It must encourage and reward people for finding creative and effective open source solutions that save money and increase productivity.
It should make provisions for continuing research, and have a framework for studying recommendations made by individuals. Possibly by committee.
Doing these things will take steps toward the creation of an open source 'culture' in the organization. It gets people interested and involved, and gives the IT management a throwback when people cry that they don't like this or that.
Good Luck!
--Fargo007
They're less costly over the long run, have a BIG company behind
:-)
them so the old "but who do we go for when we need tech support?" dilemma is solved, they run Microsoft Office, are easy to use and powerful.
Even I have a hard time recommending Macs at my job, so I can't imagine what trouble I would have if I were to recommend a flavor of GNU/Linux.
It's all in the way you present it, and how you can educate others. Show them examples of compatibility, have a "test" computer on the network for a month to show that GNU/Linux can not only sit on the network, share files, open those files, and be useful for work, but it is also safe, good-looking and free.
Cost is either a primary issue or a final issue. Meaning?
Primary issue: We need something cheap!
or
Final issue: Sure that's nice, but it's cheap/free so it must have
some hidden costs or be a wolf in sheep's clothing
Either you go to buy something for the price, and not the quality, or you go for quality and price is figured in last.
Show M$FT alternatives based on power, speed, ease of use,
and quality. Once they see that, hit them with the price tag.
At least that's what us Mac zealots do to win over PHBs.
Although I haven't had the opportunity to give this talk yet, I've been keeping my eyes open to what people are saying where I am. A lot of other people have made good comments, I'll only state the key points I would make.
I got nailed a few months ago in a discussion on this issue by someone asking the question of an internal group that was proposing to develop an application based on an open-source framework. The question was simple: "What happens if you decide to leave, how do we support it?" All the arguments that came into my head wouldn't work, those evaluating this were not technologically savvy and could care less about actually having the source (few people actually do care about that, a point made strongly elsewhere). In a pure George Castanza moment, afterwards I realized that although there isn't a good answer to that question, there is a very valid rebuttal question: "What happens when the private company who you purchased software from goes out of business/gets purchased/stops supporting that product?" At least to me, it was a new way to look at the same question, and since that's probably the most common question that will come up, since people are always looking for support, it's very important.
Other than that, two things: (1) check cio.com because they have a lot of articles and research on how to sell open source to your business people, and (2) don't be a zealot, they can smell it on you, but approach it from a rational business angle and have answers/rebuttals to the typical questions (see above) and it will impress the business types, who could honestly not care less about the religion of open source.
I have been let down by more software development houses than I want to remember.
Despite the fact that you pay them thousands of pounds a year, they don't tell you that your management console will not be able to rollout the latest anti-virus update until it breaks. That is what I am paying for.
Or the latest patch of a Major OS will systematically kill every single Network Card authentication signature in the registry. That is what I am paying for.
How about being lied to by sales department that tell you that this software will work with the systems you have in place. They don't check with their technical department and wait till our purchase is complete and when I try to install I find out the bad news. It seems that it crashes your server and has consistently done so for the past month on all other servers of your type that it has been rolled out on. That is what I am paying for. Thank you very much
If you look at it over the past 8 years, I have had more success with every single open source product I have rolled out than the multitude of proprietary software that I have deployed over the years.
So don't give me this will open source live up to the trends set by proprietary code. For me they have already surpassed the quality of proprietary code.
In my opinion Gartner would be one of the least reliable sources of information on open source software, TCO, ROI, etc. They earned their reputation on supporting proprietary solutions and in particular Microsoft. In the last two years, however, they gradually modified their stance and now are more couscous, especially since the security problems of Microsoft are undeniable.
One possible place to look for help are actual case studies and down-to-earth approach for business solutions such as Andrew Grygos' article "Should Your Business Use Linux?" - you can find it on: http://www.aaxnet.com/editor/edit010.html.
Since I also do IT consulting, my advice is to focus on what applications are used by employees in what departments. Can those be substituted with open source software? In growing number of cases most office programs can be substituted with OpenOffice and CrossOver combination, or better yet with SoftMaker suit that is becoming a very reliable solution for office work and includes file formats for MS Word, etc. Their website is: http://www.softmaker.de/index_en.htm
By doing TCO, say with SoftMaker, it is obvious that open source solutions win big time against MS Office, etc.
IP was invented for the sake of lawsuits.
When will I learn? You really can't try simplify something to drive across a point without someone calling you a liar. OK, here goes a point-by-point reply:
Based on your assertion that you previously ran nearly everything on a single linux server - implying a fairly small company - I'd just like to make a few observations that point to you having made the whole story up.
Actually the company was a bank. Granted, a fairly small bank, but I don't think it qualifies as a small company. About using a single server, that's not entirely acurate. We had two for failover, even if the second one was never used because we never needed to use it.
Primary and Secondary Servers: There is no such thing as Primary and Secondary Active Directory servers in a domain. There are just ADS servers, which hold the distributed ADS database, and member servers, which don't. Master/Slave or Primary/Secondary was NT 4.0.
Fortunately, I'm not a Windows administrator. Anyway I apologize for incorrect use of Microsoft terminology. The bank hired Microsoft itself to perform the installations and Microsoft suggested we used 2 AD servers.
DNS is integral to Active Directory. You don't have a seperate DNS server.
You could easily have made the Exchange server an ADS server in case of failure on the primary - or, considering you imply you were running everything on one linux server, just run Exchange on a machine that's also the domain controller.
Again, not my call. Microsoft suggested that we have should have a server per service, as they put it. That goes for the antivirus too. We ended up with another windows server for that function because Microsoft said they wouldn't accept responsibility for the antivirus stuff if every mail was forwarded from an open source machine.
You have to balance the time savings the company made by using the Outlook Groupware functions against the cost of any additional machines or software. This is why the actual difference to the bottom line of a company that Open Source makes is so negligible.
I already replied to that. The same functions could have been implemented with alternative solutions, including open source and proprietary such as Lotus. Outlook is not the only possible way to achieve that.
1 Exchange Server + 2 ADS Servers + 1 IIS Server + 1 AV Server is five Windows Servers, not six. If you can't do basic Maths, I'm not suprised your boss over-ruled you. If it was true, I agree with you: You should have stuck with Linux, because you clearly know nothing about Windows Servers.
Oops, I'm sorry: 5 servers, not 6, you are correct. Actually my boss did not overrule me, he agreed with me. We were both overruled by HIS boss. You are also partly correct regarding my Windows knowledge: I don't have a lot, that's why I hired Microsoft for the consulting job and we followed their specifications to the letter. After the whole experience I decided I really didn't want to know a lot about Windows servers, that's why I don't work there anymore.
..because what you're going to try to do is my very business. We're doing OSS migration and OSS project customization for small copmanies and _very_ large corporations (Pharmacy) and I'd could come up with a billion things to say. Since I've been working this field all day for a few months without an end I'll cut it short:
The world of closed source has ended. Period.
It's that simple. I wouldn't bet another single dime on a company focusing on a businessmodel that concentrates on the selling of closed source. Hell, even Macromedia - one of the few that actually made a steady revenue with closed source, mind you - has set up their newest product as a _service_ ('breeze') and not as the usual enveloped CD in a box of air!
Not convinced? Do it the other way around: Tell me why _should_ a company _go_ closed source? Stick with it till it's amortised? Ok. SAP has another few years, maybe even a decade, and only a maniac would try to migrate a company the size of, let's say, Volkswagen, from SAP to a custom compiere or GNUe enviroment or something simular right now. Nuclear Plants are also a special thing. But they are in various ways and are somewhat another league where closedness or openess doesn't really count.
For all else goes this:
Every day I'm helping companies do the transition and make the first steps. These companies are in time. In 5 years from now we'll all be the computer software craftsmen/women and MS and Co. will have a hard time adapting. The companies without the awareness to leave the update treadmill will just waste another round of cash and lose it in the end.
Closed Source has had it's day. It's really that simple. If you're building something new or restrucutring, follow up or waste big money. That's all there is to it.
We suffer more in our imagination than in reality. - Seneca
Quoting ... organisation-specific references removed.
"The purpose of this communique is to advise you that the [IT Department] is currently developing a policy and an approval process for Open Source Software (OSS) that will be published sometime during this quarter.
What is OSS and why do we need a policy? In today's computing environment anyone with an Internet connection has the ability to download and use value-added software products at little or no cost. Unfortunately, this software may or may not be supported, could pose a security risk and may present legal implications. There may be cases where application developers are including unapproved software in application code that will eventually run in the production environment. In such cases, if the software is not adequately tested, it has the potential to cause problems to the computing platform or to the application itself and may pose a potential security risk.
This unapproved software falls into one of three categories:
Development Software - used to assist projects in the development of applications, but will not be included in the application and therefore will not run in the application production environment
Application Software - included in an application and therefore will run in the application production environment.
System infrastructure software - required to run development software and/or application software, or simply to provide or enhance infrastructure services.
All open source software must be supported by at least one of the following:
- A vendor (with a support agreement)
- A support area within the [IT department]
- An identified Functional Owner who agrees to support the chosen software.
The approval process being developed will cover all types of software and will be managed by the [Software Acquisition section].
Until the policy and approval process are in place, we would like to remind all staff that only approved software is to be used on networked devices or any other desktop device.
In the interim, if you are using or plan to use Open Source Software that is not currently approved, you must contact the [relevant area] for interim approval."